3898 matches found
CVE-2024-49666 WordPress ARPrice plugin <= 4.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through = 4.1.3...
PT-2025-4643 · Unknown · Taskbuilder
Name of the Vulnerable Software and Affected Versions: Taskbuilder versions 3.0.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can pose a significant cybersecurity risk. Recommendations: F...
XWiki 6.3-milestone-2 < 13.10.5, 14.0 (14.0-rc-1) < 14.3 SQLi Vulnerability (GHSA-wh34-m772-5398)
Xwiki is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescriptio...
CVE-2025-23219
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarcor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...
CVE-2025-23220
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2025-23220
The CVE pertains to WeGIA, an open-source web manager for welfare organizations. A SQL Injection exists in the adicionar_raca.php endpoint (parameter raca), allowing attackers to execute arbitrary SQL and potentially dump the database. This vulnerability has a critical impact (high confidentialit...
CVE-2025-23220 WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2025-23220 WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2025-23219 WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarcor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...
CVE-2025-23219
CVE-2025-23219 – WeGIA SQL injection : The vulnerability exists in the WeGIA web manager, specifically in the endpoint “adicionar_cor.php” and its parameter “cor.” An attacker can inject arbitrary SQL, enabling unauthorized access and, as described, a complete dump of the application database. Th...
CVE-2025-23219 WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarcor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...
CVE-2025-23218 WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...
CVE-2025-23218 WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...
CVE-2024-52870
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality including Chromium Developer Tools that can result in a client user accessing arbitrary remote websites...
CVE-2024-52870
CVE-2024-52870 concerns Teradata Vantage Editor 1.0.1, which is primarily a SQL editor but exposes unintended functionality, including Chromium Developer Tools, that can let a client user access arbitrary remote websites. The Red Hat/NVD entries confirm the affected product and behavior; the issu...
CVE-2025-23779
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in web-mv ResAds resads allows SQL Injection.This issue affects ResAds: from n/a through = 2.0.5...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of protection for the SQL query structure. This allows attackers to extract the contents of the database of the software tool and gain access to write and read arbitrary files.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to remotely access and manipulate the database content of the software platform, as well as gain...
CVE-2025-0103 Expedition: SQL Injection Vulnerability
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...
PT-2025-2914 · Unknown · Fancy Product Designer
Name of the Vulnerable Software and Affected Versions: Fancy Product Designer versions n/a through 6.4.3 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as a SQL Injection vulnerability. This vulnerability can allow an attacke...
CVE-2024-12030
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdfvalue' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...